You are on page 1of 3

SonicWALL HA: How it works

Prepared by SonicWALL, Inc. 03/01/2002

Disclaimer: This document is a bottom-up understanding of how SonicWALL High Availability/Failover works. It assumes the user already has followed instructions for configuration of HA, but would like to get a better understanding of the mechanisms by which SonicWALL HA functions. For configuration information of HA, please check out the following link: http://www.SonicWALL.com/products/documentation/High-Availability_documentation.html Introduction: SonicWALL HA is an active/passive HA solution. (That is to say, that there is currently no load balancing support (active/active) in which both firewalls pass traffic and share the bandwidth load. There is also no state sync, in which the secondary/backup firewall stays in constant synchronization of the primary w/respect to its state table in the case of a catastrophic failover, the backup that comes online, has no knowledge of current sessions, hence all these sessions will be lost, and must be reconnected.). There is an active firewall that passes traffic, and an idle firewall which is a hot standby that monitors the availability of the active firewall and comes online in the case of the active firewalls failure. To understand SonicWALL HA, there must first be a clarification of terms:

Internet
n nnectio ISP co

Router WAN subnet (Hub)

Primary/ Active

Backup/ Idle

LAN subnet (Hub)

Primary: Firewall configured initially as the primary or main firewall (started off as active). Backup: Firewall configured initially to be failed over to in the case of emergency (started off as idle). Active: Firewall in active mode that traffic is currently flowing through. Idle: Firewall in passive mode that awaits the active units failure to assume active role.
Page 1 of 3

2001 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of t heir respective companies.

Title Goes Here

SonicWALL HA has always hinged on a heartbeat mechanism on the LAN side of the firewalls to determine which firewall assumes the active role, and which assumes the passive role. This differs only slightly when pre-empt mode is turned on, but for ease of understanding, well assume this is running with pre-empt mode turned off. Understanding HA: After configuring HA on the primary firewall, and allowing the preferences to sync to the backup firewall, it is important to understand that at this point, both firewalls have knowledge of each other, and of who is the primary/backup and who is the active/idle firewall. While this may change, they are aware of this since it was specified by MAC address/Serial number in the HA configuration on the primary firewall, and these preferences were syncd to the backup firewall. After the initial setup, the primary firewall will likely also be the active firewall. At the same time, the backup firewall will likely be the idle firewall. The firewall acting as the active firewall sends out a heartbeat packet to the idle firewall, in specifiable intervals (by default this interval is 5 seconds). The idle firewall will listen for these heartbeats, and will rema in in an idle state until it misses enough consecutive heartbeats that it exceeds the specifiable heartbeat threshold (by default this threshold is 3 heartbeats). At this point, the Idle (currently, the backup) firewall will assume the active status, and begin taking on the roles of the active firewall by ARP responding for the internal and external IP address specified in the General/Network tab of the primary SonicWALL (This address is also the default gateway for Internet/VPN access). The diagrams below depict a typical HA installation in which all traffic defaults to the primary/active firewall. The primary/active sends a regular heartbeat to the Backup/Idle firewall to notify it that it is running. Simulating a catastrophic failure of the primary box, heartbeats would cease and after the backup/idle firewall missed enough heartbeats to exceed the missed heartbeat threshold, the backup/idle firewall would assume active status, and the failover would be complete.

Router WAN subnet (Hub)

Router WAN subnet (Hub)

Heartbeat Heartbeat Heartbeat

Heartbeat Heartbeat Heartbeat

Primary/ Active

Backup/ Idle

Primary/ Active

Backup/ Idle

promoted to Active

LAN subnet (Hub)

LAN subnet (Hub)

At this point a failover has occurred, and the firewalls have switched states of high availability. The primary firewall is now residing in an idle state, and the backup firewall is now behaving in an active state (is now passing traffic). Note The primary firewall is always the primary firewall, it merely changes state from the active state to the Idle state, conversely, the backup firewall is always the backup firewall, it merely changes its state from the idle state to the active state. When the failed firewall comes back up online, it comes up in idle state and it sends a packet to the other firewall to determine what state the other firewall is in and thereby what state it should assume as it comes online.

Page 2 of 3

2001 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.

Title Goes Here

Pre-empt mode can be turned on if the administrator would like to have the primary firewall failover back into the active state when it comes back online (i.e. after a reboot). This could be a desirable solution, if the party has 3rd party add-ons like AV/CFL/etc and doesnt want to purchase the same add-ons for the backup firewall. In that situation, failing back to the primary will re-activate the 3rd party add-ons ASAP. Pre-empt mode works in the following manner. When the primary is rebooted (for example), and it boots back up, it assumes the active state and forces the backup into an idle state. Conclusion: SonicWALL HA is an active/passive HA solution (no HA, no state sync). After understanding the terms used and understanding the LAN side heartbeat failover mechanism by which HA runs, it becomes quite simple to understand and troubleshoot how HA works and runs. (New to HA is a WAN link failure feature (in firmware 6.3.0.0), in which any WAN link failure will cause the firewall to assume a down status and a failover to occur.)

Page 3 of 3

2001 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.